
[Guide] Dell XPS 13 9360 on MacOS Sierra 10.12.x - LTS (Long-Term Support) Guide

Status
Not open for further replies.
Thank you very much Bozma88.
When I saw this guide posted not so long ago I could not believe it; it is so well made, very detailed.

Thanks to Rehabman too for his various contributions to this guide and to all matters related to Mac OS.

For now, I have only one question:

Introduction:
I live in a place where there are too many cases of violence; it is common to hear about armed robbery, so when I heard my XPS 13 had a BIOS persistent module (called Computrace, by Absolute Software) to aid in recovery in case of theft, and that the service subscription was not so expensive, I planned to buy it without thinking twice, but there are pros and cons.

Pros:
1 - Inexpensive (compared to insurance)
2 - Persistent (can survive HD replacement)

Cons:
1 - I don't know if it can be used (activated) with Mac OS. (That's the main reason for my question here.)
2 - There are security specialist articles from Kaspersky and a live demonstration (I don't know if I can post the YouTube link here, will edit later) that can prove that the module can be exploited by malware to make it like a super trojan horse, undetectable and persistent.
3 - Some people say that this safety mechanism can be easily bypassed by ill-intentioned people, making this solution expensive, ineffective and prone to malware infection.

Sorry, I don't want to hijack this thread; if necessary I can relocate (or ask a moderator to relocate) this post to another forum, but I found it relevant, as it can be pertinent to various XPS 13 9360 owners that want to install Mac OS.

Note: I know that Computrace cannot be used if Mac OS is the only OS installed, but I plan to use dual boot, and even if not, there is a high chance that the thief would try to install Windows anyway, making the BIOS module usable again.

Computrace is something that caught my attention too.
Cons n.2 is the main reason I abandoned further research on the topic (I have a degree in IT and network security, so I tend to imagine the worst case scenario, it's what we've been taught to do).
A similar vulnerability in low level network firmware has just been patched after many years: http://thehackernews.com/2017/05/intel-amt-vulnerability.html
Last thing you want is your pc permanently locked and held at ransom.
My advice:
Configure iCloud and Find My Mac, enable guest user, password lock the BIOS, disable USB boot.
This way, there's no easy way to format, other than swapping the NVME SSD, so a "new owner" may be inclined to boot in Guest mode and connect to the internet.
You can also leave a message on the OS login screen, and I wrote my personal contacts ("if found, contact ...").
 
Just for Information. My 9360 is dead. Did the latest BIOS update and had trouble with the usb-c Power Unit @ Win10 USB-Stick. Every 2 seconds load and no power unit. So I try to start the book again and there is just the LED, no fan, no screen. Tried all ideas from google. Send my book to Dell for fixing.
I don't understand what's a power unit and win10 stick.
Anyway, there's an undocumented recovery mode. I don't remember the key combo to activate it. The old firmware image is saved to the EFI partition after a BIOS upgrade.
You just need to find the key combo to enter recovery mode.
 
Just for Information. My 9360 is dead. Did the latest BIOS update and had trouble with the usb-c Power Unit @ Win10 USB-Stick. Every 2 seconds load and no power unit. So I try to start the book again and there is just the LED, no fan, no screen. Tried all ideas from google. Send my book to Dell for fixing.
Did you try to reset the CMOS? Today mine was "dead" after I opened it to change the keyboard; if I pushed the power button, the LED on it lit for some seconds and then nothing. So I reopened it again, disconnected the battery and the coin cell battery (CMOS), then pushed the power button to eliminate all charge and static from the system. Plugged it in again, closed it, and it worked perfectly (although it reset the BIOS to defaults).
As per Dell:
 

[Attachment: Screen Shot 2017-05-30 at 8.16.23 PM.jpg]

With much sadness, Bluetooth has once again crashed, and I also got the duplicating BCM20702A0 device that @bozma88 was having. The strangest thing is that it survived two full days without crashing, and my usage patterns don't change: many short sleeps of 10min-1hour during the day, then an 8-10 hour sleep at night. No new apps installed, same apps open every day.

Went through the logs again and found an interesting pattern though.

Code:
2017-05-30 18:33:20.671326-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: Version 2.2.7 starting on OS X Darwin 16.6.
2017-05-30 18:33:20.671416-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: USB [184F32F21474 v274] "BCM20702A0" by "Broadcom Corp"
2017-05-30 18:33:20.691031-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: Firmware upgrade not needed.
2017-05-30 18:33:20.693787-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: Found existing IOKit personality "com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport".
2017-05-30 18:33:20.693793-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: Processing time 0.22 seconds.
2017-05-30 20:12:46.522673-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: Version 2.2.7 starting on OS X Darwin 16.6.
2017-05-30 20:12:46.522706-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: USB [184F32F21474 v274] "BCM20702A0" by "Broadcom Corp"
2017-05-30 20:12:46.529360-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: Firmware upgrade not needed.
2017-05-30 20:12:46.532511-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: Found existing IOKit personality "com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport".
2017-05-30 20:12:46.532517-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: Processing time 0.9 seconds.
2017-05-30 20:12:46.649644-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: Version 2.2.7 starting on OS X Darwin 16.6.
2017-05-30 20:12:46.649690-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: USB [184F32F21474 v274] "BCM20702A0" by "Broadcom Corp"
2017-05-30 20:12:46.677362-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: Firmware upgrade not needed.
2017-05-30 20:12:46.680285-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: Found existing IOKit personality "com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport".
2017-05-30 20:12:46.680290-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: Processing time 0.30 seconds.
2017-05-30 20:17:51.446788-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: Version 2.2.7 starting on OS X Darwin 16.6.
2017-05-30 20:17:51.446822-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: USB [184F32F21474 v274] "BCM20702A0" by "Broadcom Corp"
2017-05-30 20:17:51.871894-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: Firmware upgrade completed successfully.
2017-05-30 20:17:51.876620-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: Found existing IOKit personality "com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport".
2017-05-30 20:17:51.876631-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: Processing time 0.429 seconds.
2017-05-30 20:17:51.882185-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: Version 2.2.7 starting on OS X Darwin 16.6.
2017-05-30 20:17:51.882216-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: uploadFirmware could not open the device!
2017-05-30 20:17:51.884599-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: Found existing IOKit personality "com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport".
2017-05-30 20:17:51.884603-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: Processing time 0.2 seconds.
2017-05-30 22:08:25.635362-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: Version 2.2.7 starting on OS X Darwin 16.6.
2017-05-30 22:08:25.635394-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: USB [184F32F21474 v274] "BCM20702A0" by "Broadcom Corp"
2017-05-30 22:08:30.316873-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: Not responding - Delaying next read.
2017-05-30 22:08:30.318388-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: device request failed ("0xe00002ed (UNDEFINED)" 0xe00002ed).
2017-05-30 22:08:30.318404-0400  localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2: [0a5c:216f]: continuousRead - Failed to queue read (0xe00002d8)

After a healthy wake from sleep, BrcmPatchRAM2 reports that Firmware upgrade not needed. Starting with the 20:12 wake in my logs, it starts trying to load the firmware twice (possibly because at this point BCM20702A0 has been duplicated). On the next wake it again tries to load the firmware twice, first time saying Firmware upgrade completed successfully, and then immediately after uploadFirmware could not open the device during the second load. On the following wake Bluetooth crashes.
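
The wake-by-wake reading of the log above can be extracted mechanically. This is an added example, not part of the original post or of BrcmPatchRAM; the outcome labels and the 10-second grouping window are assumptions, and the sample lines are abridged from the log quoted above.

```python
import re
from datetime import datetime, timedelta

# Sample (time, message) pairs abridged from the log quoted above, re-rendered in its format.
PREFIX = "localhost kernel[0]: (BrcmPatchRAM2) BrcmPatchRAM2:"
START = "Version 2.2.7 starting on OS X Darwin 16.6."
EVENTS = [
    ("18:33:20.671326", START),
    ("18:33:20.691031", "[0a5c:216f]: Firmware upgrade not needed."),
    ("20:17:51.446788", START),
    ("20:17:51.871894", "[0a5c:216f]: Firmware upgrade completed successfully."),
    ("20:17:51.882185", START),
    ("20:17:51.882216", "uploadFirmware could not open the device!"),
    ("22:08:25.635362", START),
    ("22:08:30.316873", "[0a5c:216f]: Not responding - Delaying next read."),
]
SAMPLE = "\n".join(f"2017-05-30 {t}-0400  {PREFIX} {m}" for t, m in EVENTS)

LINE = re.compile(r"^(\S+ \S+)\s+\S+ kernel\[\d+\]: \(BrcmPatchRAM2\) BrcmPatchRAM2: (.*)$")
OUTCOMES = [  # substring of the message -> label for that driver start (labels are assumptions)
    ("Firmware upgrade not needed", "current"),
    ("Firmware upgrade completed successfully", "uploaded"),
    ("could not open the device", "open_failed"),
    ("Not responding", "unresponsive"),
]
FAULTS = {"open_failed", "unresponsive"}
WAKE_GAP = timedelta(seconds=10)  # assumption: starts closer together than this share one wake

def summarize_wakes(text):
    """Group BrcmPatchRAM2 starts into wakes; return (time, outcomes, faulty) per wake."""
    wakes = []
    for m in filter(None, map(LINE.match, text.splitlines())):
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f%z")
        msg = m.group(2)
        if "starting on" in msg:
            if not wakes or ts - wakes[-1]["last"] > WAKE_GAP:
                wakes.append({"first": ts, "outcomes": []})
            wakes[-1]["last"] = ts
            wakes[-1]["outcomes"].append("no_result")  # replaced once a result line is seen
        elif wakes:
            label = next((lab for key, lab in OUTCOMES if key in msg), None)
            if label:
                wakes[-1]["outcomes"][-1] = label
    return [(w["first"].strftime("%H:%M:%S"), w["outcomes"],
             bool(FAULTS & set(w["outcomes"]))) for w in wakes]

if __name__ == "__main__":
    for wake in summarize_wakes(SAMPLE):
        print(wake)
```
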
 
Con's: 1 - I don't know if it can be used (activated) with Mac OS. (that's the main reason for my question here.)

Sorry, English is not my native language, maybe I didn't express myself correctly. I know that the Computrace persistence module in BIOS doesn't work in Mac OS or Linux (there is a Mac version of Computrace, but it is software only, not persistent). What I really meant to ask is: is it possible to enable Computrace in BIOS (toggle from "Deactivate" to "Activate") and yet still be able to pass installation and use Mac OS without any hardware errors? So this way, I can have my privacy and malware-free experience in Mac (without any drawback from Computrace) and yet if a thief steals it, they will certainly install Windows, so the persistent module will activate the payload in Windows. I hope you understand now.

Cons n.2 is the main reason I abandoned further research on the topic (I have a degree in IT and network security, so I tend to imagine the worst case scenario, it's what we've been taught to do).

One of the reasons I'm using Mac is exactly to avoid being in the same OS as the Computrace payload, so I can have the protection it offers without any drawback. I just hope I can enable it in BIOS and not mess up the Mac OS installation or usability.

My advice:
Configure iCloud and Find My Mac, enable guest user, password lock the BIOS, disable USB boot.
This way, there's no easy way to format, other than swapping the NVME SSD, so a "new owner" may be inclined to boot in Guest mode and connect to the internet.
You can also leave a message on the OS login screen, and I wrote my personal contacts ("if found, contact ...").

That is good advice, but if my Dell was robbed, "if found, contact ..." is certainly not going to work, only if I misplaced or lost the device.
 
After a healthy wake from sleep, BrcmPatchRAM2 reports that Firmware upgrade not needed.

That part is normal. In the normal sequence of events, BrcmPatchRAM starts twice. First time it loads firmware, and then the system loads it again, and BrcmPatchRAM checks current firmware and finds it already current. I'm not sure why IOKit starts it twice like that, but it does.

Starting with the 20:12 wake in my logs, it starts trying to load the firmware twice (possibly because at this point BCM20702A0 has been duplicated). On the next wake it again tries to load the firmware twice, first time saying Firmware upgrade completed successfully, and then immediately after uploadFirmware could not open the device during the second load. On the following wake Bluetooth crashes.

I think there is a contention issue between BrcmPatchRAM and the native BT drivers.
I know it is possible due to how the code works.
Unfortunately, there is not an easy way to block the native BT kexts until the firmware is uploaded...
 
I don't understand what's a power unit and win10 stick.
Anyway, there's an undocumented recovery mode. I don't remember the key combo to activate it. The old firmware image is saved to the EFI partition after a BIOS upgrade.
You just need to find the key combo to enter recovery mode.
Sorry. I meant "Power unit" = Power supply.
Win10 Stick = Windows 10 USB 3.0 Stick to boot and run the WinOS with USB to update BIOS and have Windows for testing.
Thx - I'll search for recovery mode. :)

Did you try to reset the CMOS? Today mine was "dead" after I opened it to change the keyboard; if I pushed the power button, the LED on it lit for some seconds and then nothing. So I reopened it again, disconnected the battery and the coin cell battery (CMOS), then pushed the power button to eliminate all charge and static from the system. Plugged it in again, closed it, and it worked perfectly (although it reset the BIOS to defaults).
As per Dell:
Thanks for your idea! I'll try in the evening. Yesterday I opened the XPS and pulled out the battery. Pushed the on/off button. But nothing worked. Specially I tried to start without the battery - but nothing except an LED for maybe 5 seconds.
 
Sorry, English is not my native language, maybe I didn't express myself correctly. I know that the Computrace persistence module in BIOS doesn't work in Mac OS or Linux (there is a Mac version of Computrace, but it is software only, not persistent). What I really meant to ask is: is it possible to enable Computrace in BIOS (toggle from "Deactivate" to "Activate") and yet still be able to pass installation and use Mac OS without any hardware errors? So this way, I can have my privacy and malware-free experience in Mac (without any drawback from Computrace) and yet if a thief steals it, they will certainly install Windows, so the persistent module will activate the payload in Windows. I hope you understand now.



One of the reasons I'm using Mac is exactly to avoid being in the same OS as the Computrace payload, so I can have the protection it offers without any drawback. I just hope I can enable it in BIOS and not mess up the Mac OS installation or usability.



That is good advice, but if my Dell was robbed, "if found, contact ..." is certainly not going to work, only if I misplaced or lost the device.
Maybe you can activate, configure it on Windows, then run Linux or MacOS.
I think that the persistent nature of it means that even after a hdd wipe the core module is still active.

"Windows Payload" is a wrong concept: an attack on a low-level firmware component can allow passive or active man-in-the-middle attacks completely unnoticeable to the user or the OS.
Literature exists, for example, describing attacks on USB controllers.

In case of a robbery, I'd be more concerned about data safety, to be honest. The use of a password manager like 1Password (with a super strong master key) and FileVault (which, with proper EFI drivers, seems possible even on hackintoshes) are a starting point.

Also, IIRC, beware that Computrace cannot be disabled once activated in BIOS.

Also, do not update the BIOS with Windows. Place the .exe on a USB key (FAT), press F12 at boot and launch the EFI update utility. Safer.
 
That part is normal. In the normal sequence of events, BrcmPatchRAM starts twice. First time it loads firmware, and then the system loads it again, and BrcmPatchRAM checks current firmware and finds it already current. I'm not sure why IOKit starts it twice like that, but it does.



I think there is a contention issue between BrcmPatchRAM and the native BT drivers.
I know it is possible due to how the code works.
Unfortunately, there is not an easy way to block the native BT kexts until the firmware is uploaded...

We should hook the native BT drivers to a fake bluetooth device, that is turned on and rerouted to the actual bluetooth device only once the uploader has completed the upload.
Just wondering...
 
Just bought this, can't wait to do a thermal imaging of our laptop!

seekcompactpro.png
 